Response Verification

Given the seed information and the auditor subsets assigned to each enclave during the epoch, anyone can verify the correctness of the audit responses that were submitted by the auditors. If any audit data is wrong or missing, anyone can challenge the audit response within $f$ seconds (ResponseVerificationPeriod) after the end of the Epoch. The challenger has to stake POND amount to create a challenge and the expected response is re-computed on-chain. If the challenge is valid, then the POND tokens staked by auditor are slashed and the challenger receives a portion of the penalty. A challenge is considered invalid if the response generated by auditor was found to be correct after onchain verification. This triggers the POND tokens staked by challenger to be slashed.

It is the auditors stake which is slashed and not the enclave operator's because the audit responses are supposed to originate from an enclave and their attestations are to be checked by auditors. If the attestations are invalid, the auditor is supposed to mark the enclave as being offline. So, the only case when an audit response is incorrectly submitted on-chain is when the auditor doesn't actually audit and only submits random values on-chain. Similarly, the seed information shared by enclave hosts is assumed to be correct as the attestations in that case are verified on-chain.